Protect your WordPress origin by requiring a secret request header and blocking direct access with Apache .htaccess rules.
Connect your site to Webfiable (webfiable.com) to track config health and get security recommendations. Public early access (white march). Free.
A basic security plugin for WordPress 4.x, 5.0 or higher. You can selectively disable unused features in WordPress core...
Hardens and protects your site by locking down login, REST API, XML‑RPC, file editor, and applying HTTP security headers.
WordPress and hosting security scanner with plain-English findings, safe hardening actions, reports, and Pro AI summaries.
This plugin will check for a user named 'admin' and prompt the user to create a new account.
A simple way to clean and secure WordPress by disabling unnecessary features like comments, XML-RPC, and RSS feeds.
The WeSecur plugin audits and protects your WordPress by daily analyzing malware, blacklists and vulnerabilities that can be exploited to infect your website and blocking attacks and spambots with tools specially designed to protect your WordPress.
Firewall, malware scan & IP blocking for WordPress, with Quick Scan Overall Security Rating, hardening, quarantine and integrity checks. PRO adds AI.
Control what each active plugin is allowed to do. Allow or deny specific permissions per plugin, with immediate effect.
Basic hardening: secure headers, login honeypot, user enumeration blocking, generic login errors, rate limiting, and more.
Adds some extra security to your WordPress with only one click.
Firewall, Scanner, Login Protect, block user enumeration and TOR, disable Json WordPress Rest API, xml-rpc (xmlrpc) & Pingback.
Lightweight WordPress security scanner and hardening tool. Detects malware, suspicious plugins, admin changes, and protects your site with built-in security options.
A lightweight plugin to disable XML-RPC, restrict the REST API, and hide the WordPress version.
Lightweight attack detection for WordPress. Logs brute force, XML-RPC abuse, SQL injection, XSS attempts and more. No bloat, no blocking — just data.
Premium WordPress security with WAF, brute force block, URL obfuscation, malware scanning, and core reinstallation.
Put your WordPress site in read-only mode — block persistent changes while keeping the site browsable until an administrator disables the freeze.
Simple one-click WordPress security. Protect your site in 30 seconds.